From 339d10a5725605675dddab5b926db000f63f37b2 Mon Sep 17 00:00:00 2001
From: wangjingz
Date: Mon, 18 Nov 2024 15:42:52 +0800
Subject: [PATCH 01/20] Create trivy.yml

---
 .github/workflows/trivy.yml | 53 +++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 .github/workflows/trivy.yml

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..fd8a9e0
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,53 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: trivy-scan + +on: + push: + branches: [ "master" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "master" ] + schedule: + - cron: '31 14 * * 2' + +permissions: + contents: read + +jobs: + build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Build + runs-on: "ubuntu-20.04" + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Build an image from Dockerfile + run: | + # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . + sudo mkdir -p /etc/systemd/system/docker.service.d + sudo systemctl daemon-reload + sudo systemctl restart docker + cd ./ivsr_ffmpeg_plugin + ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe + with: + image-ref: 'ffmpeg_ivsr_sdk_$OV_VERSION_N' + format: 'template' + template: '@/contrib/sarif.tpl' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' From d7bdddf80166cbf176fab589acf5463a1cff4c4f Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 18 Nov 2024 16:01:19 +0800 Subject: [PATCH 02/20] Update trivy.yml --- .github/workflows/trivy.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index fd8a9e0..624c158 100644 
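Review bot: `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` are referenced by mutable tags while `aquasecurity/trivy-action` in the same job is pinned to a commit SHA; pin all three the same way (`uses: actions/checkout@<full-commit-sha> # v4`) so a re-tagged release cannot change what runs with `security-events: write`. In the build step, `sudo mkdir -p /etc/systemd/system/docker.service.d` creates an empty drop-in directory, so the following `daemon-reload` and `restart docker` apply no configuration change; either write the intended drop-in file there or remove those three lines. `image-ref: 'ffmpeg_ivsr_sdk_$OV_VERSION_N'` is not shell-expanded by the `with:` block and `OV_VERSION_N` is not defined anywhere in this workflow, so the scan targets an image name that the build step never produces; use the same value as `--ov_version 2022.3` in the build step.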
--- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -3,7 +3,7 @@ # separate terms of service, privacy policy, and support # documentation. -name: trivy-scan +name: Trivy-scan on: push: @@ -21,10 +21,10 @@ jobs: build: permissions: contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + #security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: Build - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-22.04" steps: - name: Checkout code uses: actions/checkout@v4 @@ -41,13 +41,14 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe with: - image-ref: 'ffmpeg_ivsr_sdk_$OV_VERSION_N' + image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' format: 'template' template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' + ignore-unfixed: true + output: 'trivy-ivsr-results.sarif' severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'trivy-ivsr-results.sarif' From 604036d2c498f6209ba7e912cfef969cd1131af8 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 18 Nov 2024 21:16:52 +0800 Subject: [PATCH 03/20] Update trivy.yml --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 624c158..d5409fd 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
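Review bot: Commenting out `security-events: write` while keeping the `Upload Trivy scan results` step leaves the job-level `permissions:` block granting only `contents: read`, so the SARIF upload will be rejected by the API; the permission belongs next to the step that needs it. `ignore-unfixed: true` drops every finding that has no vendor fix from the report, which keeps the Security tab actionable but also hides known-vulnerable packages present in the image — worth a comment such as `# unfixed CVEs are excluded from the SARIF; review them periodically with ignore-unfixed: false`. The image name `ffmpeg_ivsr_sdk_ov2022.3` now duplicates the `--ov_version 2022.3` argument of the build step by hand; define the version once, e.g. a job-level `env: OV_VERSION: "2022.3"`, and reference it from both the build command and `image-ref: 'ffmpeg_ivsr_sdk_ov${{ env.OV_VERSION }}'` so the two cannot drift (the same applies to the later version changes in this series).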
@@ -21,8 +21,8 @@ jobs: build: permissions: contents: read # for actions/checkout to fetch code - #security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: Build runs-on: "ubuntu-22.04" steps: From 28cfe7fe880d7d71301fe8d80e2973d35e9b0fe3 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 18 Nov 2024 23:12:55 +0800 Subject: [PATCH 04/20] Update trivy.yml --- .github/workflows/trivy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index d5409fd..72c45c0 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -13,6 +13,9 @@ on: branches: [ "master" ] schedule: - cron: '31 14 * * 2' +env: + TRIVY_DB_REPOSITORY: ${{ steps.ecr-login.outputs.registry }}/github/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: ${{ steps.ecr-login.outputs.registry }}/github/aquasecurity/trivy-java-db:1 permissions: contents: read From 9e3f2ee98f1f50a3a7d8167a07632ab9d9000327 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 18 Nov 2024 23:25:19 +0800 Subject: [PATCH 05/20] Update trivy.yml --- .github/workflows/trivy.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 72c45c0..758bcb0 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
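Review bot: `actions: read` is, per its own trailing comment, only required for a private repository; if this repository is public the grant is unnecessary and should be dropped to keep the job at least privilege. Restoring `security-events: write` is correct since the `upload-sarif` step (outside this hunk) needs it.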
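Review bot: `${{ steps.ecr-login.outputs.registry }}` in the workflow-level `env:` block cannot resolve: the `steps` context is not available at workflow level (only `github`, `inputs`, `vars` and `secrets` are), and no step with `id: ecr-login` exists in this file, so the workflow fails validation before any job starts. If a private mirror of the Trivy databases is intended, set the variables in the scan step's own `env:` after a login step that defines that id; otherwise point at the public registry directly, e.g. `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2` and `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1`.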
@@ -12,10 +12,10 @@ on: # The branches below must be a subset of the branches above branches: [ "master" ] schedule: - - cron: '31 14 * * 2' -env: - TRIVY_DB_REPOSITORY: ${{ steps.ecr-login.outputs.registry }}/github/aquasecurity/trivy-db:2 - TRIVY_JAVA_DB_REPOSITORY: ${{ steps.ecr-login.outputs.registry }}/github/aquasecurity/trivy-java-db:1 + - cron: '31 17 * * 2' +#env: + #TRIVY_JAVA_DB_REPOSITORY: github/aquasecurity/trivy-java-db:1 + #TRIVY_DB_REPOSITORY: github/aquasecurity/trivy-db:2 permissions: contents: read @@ -43,6 +43,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' format: 'template' From bc3dbaff287a52816c30ace1a377d021e078cfa4 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 19 Nov 2024 10:56:36 +0800 Subject: [PATCH 06/20] Update trivy.yml --- .github/workflows/trivy.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 758bcb0..00ef8cf 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -35,6 +35,8 @@ jobs: - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . + docker system prune -a + docker rmi ffmpeg_ivsr_sdk_ov2022.3 sudo mkdir -p /etc/systemd/system/docker.service.d sudo systemctl daemon-reload sudo systemctl restart docker 
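Review bot: The new `#env:` stanza with its two commented `#TRIVY_*_DB_REPOSITORY` keys is dead text — the live values now sit on the scan step — and should be deleted rather than kept as comments, since git history already preserves the attempt. If the cron move from `31 14` to `31 17` has a reason (e.g. avoiding a busy window), a short comment above `schedule:` would record it.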
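Review bot: `public.ecr.aws/aquasecurity/trivy-db` and `public.ecr.aws/aquasecurity/trivy-java-db` are given without a tag, so which database schema is pulled depends on how the pinned action version resolves an untagged reference; the upstream examples pin the schema explicitly, `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2` and `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1`, which also matches the `:2`/`:1` tags the removed workflow-level block used. A one-line comment above this `env:` saying why the default database source is overridden would help the next maintainer decide whether the override is still needed.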
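Review bot: `docker system prune -a` without `-f` expects an interactive confirmation; with no TTY in a `run` step it will not prune as intended (a no-op or an error depending on the CLI version), so it should be `docker system prune -af`. `docker rmi ffmpeg_ivsr_sdk_ov2022.3` runs before that image has been built on this fresh runner, and because `run` steps execute under `bash -e` the failing `rmi` aborts the whole build step; guard it with `docker rmi ffmpeg_ivsr_sdk_ov2022.3 || true` or drop it. The enclosing `run: |` block continues outside this hunk.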
@@ -47,10 +49,11 @@ jobs: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: - image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' + image-ref: 'ffmpeg_ivsr_sdk_ov2022.3:latest' format: 'template' template: '@/contrib/sarif.tpl' ignore-unfixed: true + vuln-type: 'os,library' output: 'trivy-ivsr-results.sarif' severity: 'CRITICAL,HIGH' From 889d82d383e21377d871d34e426631e2b0180b88 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 19 Nov 2024 11:12:21 +0800 Subject: [PATCH 07/20] Update trivy.yml --- .github/workflows/trivy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 00ef8cf..53aaeb8 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -49,7 +49,7 @@ jobs: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: - image-ref: 'ffmpeg_ivsr_sdk_ov2022.3:latest' + image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' format: 'template' template: '@/contrib/sarif.tpl' ignore-unfixed: true From 09061a0e9e068b5e9b846e2288b1943459ee1bec Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 19 Nov 2024 11:15:40 +0800 Subject: [PATCH 08/20] Update trivy.yml --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 53aaeb8..0fd3511 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -35,8 +35,8 @@ jobs: - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - docker system prune -a - docker rmi ffmpeg_ivsr_sdk_ov2022.3 + sudo docker system prune -a + sudo docker rmi ffmpeg_ivsr_sdk_ov2022.3 sudo mkdir -p /etc/systemd/system/docker.service.d sudo systemctl daemon-reload sudo systemctl restart docker 
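Review bot: Prefixing the docker commands with `sudo` does not change their outcome on a GitHub-hosted Ubuntu runner, where the runner user already belongs to the `docker` group; the failure this commit appears to be chasing comes from the commands themselves (the confirmation prompt of `prune -a`, the `rmi` of an image that does not exist yet), not from permissions. Keep them unprivileged, consistent with `./build_docker.sh` later in the same `run:` block, which is invoked without `sudo`. The `run: |` block continues outside this hunk.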
From 890d327a4852ccc3e274803d8defe87305205fb9 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 19 Nov 2024 11:18:33 +0800 Subject: [PATCH 09/20] Update trivy.yml --- .github/workflows/trivy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 0fd3511..ac6ef56 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -36,7 +36,6 @@ jobs: run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . sudo docker system prune -a - sudo docker rmi ffmpeg_ivsr_sdk_ov2022.3 sudo mkdir -p /etc/systemd/system/docker.service.d sudo systemctl daemon-reload sudo systemctl restart docker From 88ea8466447551a04c56aa288363c78e79dc6bcf Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 19 Nov 2024 14:30:46 +0800 Subject: [PATCH 10/20] Update trivy.yml --- .github/workflows/trivy.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index ac6ef56..b61ce00 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -35,7 +35,9 @@ jobs: - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - sudo docker system prune -a + sudo docker system prune -f + sudo docker image prune -f + sudo docker container prune -f sudo mkdir -p /etc/systemd/system/docker.service.d sudo systemctl daemon-reload sudo systemctl restart docker @@ -49,8 +51,9 @@ jobs: TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' - format: 'template' - template: '@/contrib/sarif.tpl' + #format: 'template' + #template: '@/contrib/sarif.tpl' + format: 'sarif' ignore-unfixed: true vuln-type: 'os,library' output: 'trivy-ivsr-results.sarif' From 1ad5ae925aa43554eb78be01e3f25ec9175e8ae8 Mon Sep 17 00:00:00 2001 
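Review bot: `docker image prune -f` and `docker container prune -f` are redundant after `docker system prune -f`, which already removes stopped containers and dangling images (plus unused networks and build cache); the single `sudo docker system prune -f` line is enough. If the goal is to free runner disk space before the image build, note that `system prune` without `-a` keeps tagged-but-unused images (including the runner's preinstalled ones); `-af` would reclaim those too. The `run: |` block continues outside this hunk.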
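Review bot: The commented-out `#format: 'template'` and `#template: '@/contrib/sarif.tpl'` lines are dead configuration now that `format: 'sarif'` is set; delete them rather than carrying both variants in the file, as the old one is recoverable from git history. Native SARIF output is the right choice for the `upload-sarif` step that follows outside this hunk.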
From: wangjingz Date: Tue, 19 Nov 2024 16:01:50 +0800 Subject: [PATCH 11/20] Update trivy.yml --- .github/workflows/trivy.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index b61ce00..bf589f1 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -43,7 +43,10 @@ jobs: sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 - + + - name: Set up temporary directory for Trivy + run: mkdir -p /github/workspace/trivy-scan && echo "TRIVY_TMPDIR=/github/workspace/trivy-scan" >> $GITHUB_ENV + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe env: From 1dd43e38d78e30725ea2aff09d8d7a46243afa3a Mon Sep 17 00:00:00 2001 From: wangjingz Date: Wed, 20 Nov 2024 09:29:35 +0800 Subject: [PATCH 12/20] Update trivy.yml --- .github/workflows/trivy.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index bf589f1..1e09849 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -45,7 +45,9 @@ jobs: ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 - name: Set up temporary directory for Trivy - run: mkdir -p /github/workspace/trivy-scan && echo "TRIVY_TMPDIR=/github/workspace/trivy-scan" >> $GITHUB_ENV + run: | + sudo mkdir -p /github/workspace/trivy-scan + sudo echo "TRIVY_TMPDIR=/github/workspace/trivy-scan" >> $GITHUB_ENV - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe From 31c1720b4fc4148430fb5563b13e09a072793d16 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Fri, 22 Nov 2024 09:23:36 +0800 Subject: [PATCH 13/20] Update trivy.yml --- .github/workflows/trivy.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) 
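Review bot: `/github/workspace` is the path at which container actions see the mounted workspace, not a path on the runner host, so `mkdir -p /github/workspace/trivy-scan` in a host `run` step tries to create a root-owned top-level directory and fails for the unprivileged runner user; use `${{ runner.temp }}` or `$GITHUB_WORKSPACE`, which are writable and are mounted into container actions. I also cannot find a `TRIVY_TMPDIR` option in Trivy — `TRIVY_CACHE_DIR` (`--cache-dir`) is the documented knob for relocating its working data — so please confirm the variable is honoured before relying on it. Writing into `$GITHUB_ENV` is fine, but the variable then reaches every later step, not only the scan.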
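Review bot: `sudo echo "TRIVY_TMPDIR=..." >> $GITHUB_ENV` does not elevate the redirection — only `echo` runs as root and the append is done by the calling shell as the runner user — so that `sudo` is a no-op, while `sudo mkdir -p /github/workspace/trivy-scan` now creates a root-owned directory that the runner user (and possibly the scan container) may not be able to write into. Creating the directory under `${{ runner.temp }}` without `sudo` avoids both problems; if root really is required, `chown`/`chmod` it afterwards. The step would also benefit from a comment stating what Trivy needs the directory for.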
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 1e09849..584fed2 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -31,7 +31,19 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Check disk space + run: df -h + - name: Clear Git Untracked Files + run: | + git clean -fdx + - name: Clear GitHub Actions Cache + uses: actions/cache@v2 + with: + key: ${{ runner.os }}-build-${{ hashFiles('**/lockfile') }} + path: | + node_modules + ~/Library/Caches/ + action: clean - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . @@ -43,11 +55,8 @@ jobs: sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 - - - name: Set up temporary directory for Trivy - run: | - sudo mkdir -p /github/workspace/trivy-scan - sudo echo "TRIVY_TMPDIR=/github/workspace/trivy-scan" >> $GITHUB_ENV + - name: Check disk space + run: df -h - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe From a59ff5fdf5a4baccf7f8e2d6a3dd7b71bd37275b Mon Sep 17 00:00:00 2001 From: wangjingz Date: Fri, 22 Nov 2024 16:17:32 +0800 Subject: [PATCH 14/20] Update trivy.yml --- .github/workflows/trivy.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 584fed2..9ad0040 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
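Review bot: The `Clear GitHub Actions Cache` step does not clear anything: `action: clean` is not an input of `actions/cache` and will be reported as an unexpected input, the step actually restores/saves a cache keyed on `hashFiles('**/lockfile')` for paths (`node_modules`, a macOS `~/Library/Caches/`) that nothing visible in this workflow populates on an Ubuntu runner, and `actions/cache@v2` is an old major that GitHub has flagged for deprecation. `git clean -fdx` directly after `actions/checkout@v4` is likewise a no-op on a fresh checkout. If the aim is runner disk space for the image build, keep the `df -h` probes and remove both steps; the `Build an image from Dockerfile` step continues outside this hunk.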
@@ -33,17 +33,17 @@ jobs: uses: actions/checkout@v4 - name: Check disk space run: df -h - - name: Clear Git Untracked Files - run: | - git clean -fdx - - name: Clear GitHub Actions Cache - uses: actions/cache@v2 - with: - key: ${{ runner.os }}-build-${{ hashFiles('**/lockfile') }} - path: | - node_modules - ~/Library/Caches/ - action: clean + #- name: Clear Git Untracked Files + #run: | + # git clean -fdx + #- name: Clear GitHub Actions Cache + # uses: actions/cache@v2 + # with: + # key: ${{ runner.os }}-build-${{ hashFiles('**/lockfile') }} + # path: | + # node_modules + # ~/Library/Caches/ + # action: clean - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . From 0a14676811d287e4f0ba5e2fbd3da04f3bd1a3ec Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 25 Nov 2024 10:17:26 +0800 Subject: [PATCH 15/20] Update trivy.yml --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 9ad0040..f264dee 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -55,8 +55,8 @@ jobs: sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 - - name: Check disk space - run: df -h + - name: Check disk space + run: df -h - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe From 6a072fca522f8ae07375cc54ed8407a51c98e6c4 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Mon, 25 Nov 2024 16:29:38 +0800 Subject: [PATCH 16/20] Update trivy.yml --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index f264dee..92819da 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
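Review bot: Commenting out the `Clear Git Untracked Files` and `Clear GitHub Actions Cache` steps leaves eleven lines of dead configuration inside the `steps:` list, with inconsistent `#` indentation that makes the live structure harder to read; delete them instead, since git history keeps the attempt. If they are meant as a reminder to revisit disk-space cleanup, a single `# TODO(review): disk-space cleanup steps removed; see PATCH 13/20 for the previous attempt` line conveys that better.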
@@ -54,7 +54,7 @@ jobs: sudo systemctl daemon-reload sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin - ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 + ./build_docker.sh --enable_ov_patch false --ov_version 2023.2 - name: Check disk space run: df -h @@ -64,7 +64,7 @@ jobs: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: - image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' + image-ref: 'ffmpeg_ivsr_sdk_ov2023.2' #format: 'template' #template: '@/contrib/sarif.tpl' format: 'sarif' From 6775b37274c3b4f901076ad14dfd942ed35d8145 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Tue, 26 Nov 2024 16:31:32 +0800 Subject: [PATCH 17/20] Update trivy.yml --- .github/workflows/trivy.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 92819da..69de0a6 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -54,7 +54,7 @@ jobs: sudo systemctl daemon-reload sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin - ./build_docker.sh --enable_ov_patch false --ov_version 2023.2 + ./build_docker.sh --enable_ov_patch false - name: Check disk space run: df -h @@ -64,14 +64,17 @@ jobs: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: - image-ref: 'ffmpeg_ivsr_sdk_ov2023.2' + scan-type: 'image' + image-ref: 'ffmpeg_ivsr_sdk_ov2022.3' #format: 'template' #template: '@/contrib/sarif.tpl' + security-checks: vuln + #cache: 'true' format: 'sarif' ignore-unfixed: true vuln-type: 'os,library' output: 'trivy-ivsr-results.sarif' - severity: 'CRITICAL,HIGH' + severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 From c60bfc64e6d5ac7ed2ac6ab40c270680429a3a24 Mon Sep 17 00:00:00 2001 
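Review bot: `image-ref: 'ffmpeg_ivsr_sdk_ov2022.3'` is reverted to the 2022.3 name while the build step in the previous hunk now runs `./build_docker.sh --enable_ov_patch false` with no `--ov_version`, so the name of the built image depends on the script's default; if that default is not 2022.3 the scan either fails or reports on a different image than the one just built — derive both from one variable (a job-level `env: OV_VERSION`) or have the build step write the tag it produced to `$GITHUB_OUTPUT` and reference that. PATCH 20/20 reintroduces the same mismatch after PATCH 18/20 restores `--ov_version 2022.3`, so the fix should land once in the final state. `security-checks: vuln` appears to be a deprecated trivy-action input whose current name is `scanners: 'vuln'`. Narrowing `severity` from `'CRITICAL,HIGH'` to `'CRITICAL'` removes every HIGH finding from the Security tab, a policy change that deserves a comment explaining why, and the commented `#cache: 'true'` line should be either enabled or removed rather than left as dead text.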
From: wangjingz Date: Wed, 27 Nov 2024 14:21:38 +0800 Subject: [PATCH 18/20] Update trivy.yml Add Trivy scan workflow --- .github/workflows/trivy.yml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 69de0a6..5ab014f 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -33,17 +33,6 @@ jobs: uses: actions/checkout@v4 - name: Check disk space run: df -h - #- name: Clear Git Untracked Files - #run: | - # git clean -fdx - #- name: Clear GitHub Actions Cache - # uses: actions/cache@v2 - # with: - # key: ${{ runner.os }}-build-${{ hashFiles('**/lockfile') }} - # path: | - # node_modules - # ~/Library/Caches/ - # action: clean - name: Build an image from Dockerfile run: | # docker build -t docker.io/my-organization/my-app:${{ github.sha }} . @@ -54,7 +43,7 @@ jobs: sudo systemctl daemon-reload sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin - ./build_docker.sh --enable_ov_patch false + ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 - name: Check disk space run: df -h @@ -73,8 +62,8 @@ jobs: format: 'sarif' ignore-unfixed: true vuln-type: 'os,library' + severity: 'CRITICAL, HIGH' output: 'trivy-ivsr-results.sarif' - severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 From d0b138fbf9392d42ed93a71f6cbcd5ef22d79d3b Mon Sep 17 00:00:00 2001 From: wangjingz Date: Wed, 27 Nov 2024 15:40:52 +0800 Subject: [PATCH 19/20] Update trivy.yml From 4d6a91b7fad6e2dc1337b6050fe8ee5b02158da8 Mon Sep 17 00:00:00 2001 From: wangjingz Date: Wed, 27 Nov 2024 20:35:08 +0800 Subject: [PATCH 20/20] Update trivy.yml --- .github/workflows/trivy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 5ab014f..522f06f 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
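Review bot: `severity: 'CRITICAL, HIGH'` introduces a space after the comma that the earlier value `'CRITICAL,HIGH'` did not have; Trivy splits list options on `,`, and unless the pinned version trims whitespace, ` HIGH` may be rejected as an unknown severity — keep it `severity: 'CRITICAL,HIGH'`. Moving the key above `output:` is fine, but combining the reorder with the value change in one line makes the diff harder to audit; do one or the other per commit.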
@@ -43,7 +43,7 @@ jobs: sudo systemctl daemon-reload sudo systemctl restart docker cd ./ivsr_ffmpeg_plugin - ./build_docker.sh --enable_ov_patch true --ov_version 2022.3 + ./build_docker.sh --enable_ov_patch false - name: Check disk space run: df -h